Basic server setup (Ubuntu)

February 12, 2018

Disclaimer: This short guide is basically just a reminder to myself, where most of the content is based on Digital Ocean's Initial Server Setup with Ubuntu 16.04 and my own memory. There are some important steps that aren't included in this guide. If you're new to Linux or Ubuntu, I suggest that you read Digital Ocean's guide instead.

All commands in this guide (unless otherwise stated) assume you are currently logged in as root.

Add a user

We don't want to use the root user when logging in to our server, so we need to create a new user.

If you're only using keys to log in to your server (which you should), you can choose to not create a password for the new user using the --disabled-password option. Please note that you'll be unable to use sudo with this user unless you also perform the steps in this post.

adduser <user> [--disabled-password]

Root privileges

Our newly created user will typically need root privileges:

usermod -aG sudo <user>

Now, if you want this user to be able to use sudo without the need for a password, here's how to accomplish this.

Public Key Authentication

At this point we're ready to copy the public keys to the newly created user's .ssh folder. I won't cover all the details of this process in this guide. Please refer to the previously mentioned Digital Ocean guide if you're uncertain of how to do this.

We will need to set the correct permissions:

Note: These commands assume you are logged in as your newly created user.

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Also make sure that these files are owned by the user we just created.

Disable password authentication

On new Digital Ocean droplets, this step is usually already done when creating the droplet. Just to make sure, we'll check to see if the file /etc/ssh/sshd_config contains the following lines and that none of them are commented out:

PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no

If you made any changes, reload the SSH daemon:

systemctl reload sshd

Note: Try connecting to your server in a separate tab/window before disconnecting.
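
One way to script the sshd_config check described above, as an added example that is not part of the original guide. The function names and the sample file are made up for illustration, and the script reads only the single file it is given, so `sshd -T` remains the authoritative view of the effective configuration.

```shell
#!/bin/sh
# Added example: audit an sshd_config file for the three settings above.

# Print the first active (uncommented) global value of a keyword.
# sshd keywords are case-insensitive and the first occurrence wins.
# Lines after a "Match" line only apply conditionally, so stop there.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }       # accept the "Keyword=value" form
        tolower($1) == "match" { exit }     # end of the global section
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Return 0 only if all three directives are active with the expected value.
check_sshd_config() {  # usage: check_sshd_config FILE
    rc=0
    for want in PasswordAuthentication=no PubkeyAuthentication=yes \
                ChallengeResponseAuthentication=no; do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(sshd_value "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected '$expected', found '${actual:-nothing active}'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: PasswordAuthentication is commented out globally and
# only set inside a Match block, so the global check must flag it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PasswordAuthentication no
pubkeyauthentication yes
ChallengeResponseAuthentication=no
Match User backup
    PasswordAuthentication no
EOF
check_sshd_config "$sample" || echo "sample config needs fixing"
rm -f "$sample"
```

On a real server, call `check_sshd_config /etc/ssh/sshd_config`, and run `sshd -t` to catch syntax errors before reloading the daemon.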

Firewall

We need to make sure that our server doesn't expose unnecessary ports and protocols, so let's configure UFW in the most basic way possible:

ufw allow OpenSSH
ufw enable

Note: At this point you should once more verify that you're able to log in to your server.

This concludes this short guide on how to perform the initial steps when creating a new Ubuntu (16.04) server.


You can verify that this post was written by me by pasting the signature into keybase.io/verify.